Alert: Microsoft Security Bulletin - MS03-020
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 06/04/03
- Previous message: Mike Coppins: "manual patching required on Win2k?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 4 Jun 2003 15:47:24 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS03-020.asp
Cumulative Patch for Internet Explorer (818529)
Originally posted: June 4, 2003
Summary
Who should read this bulletin: Customers using Microsoft® Internet Explorer
Impact of vulnerability: Allow an attacker to execute code on a user's system
Maximum Severity Rating: Critical
Recommendation: System administrators should install the patch immediately
End User Bulletin: An end user version of this bulletin is available at:
http://www.microsoft.com/security/security_bulletins/ms03-020.asp.
Affected Software:
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 for Windows Server 2003
Technical description:
This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates two newly discovered vulnerabilities:
- A buffer overrun vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a web server. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's website, it would be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML email that attempted to exploit this vulnerability.
- A flaw that results because Internet Explorer does not implement an appropriate block on a file download dialog box. It could be possible for an attacker to exploit this vulnerability to run arbitrary code on a user's system. If a user simply visited an attacker's website, it would be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML email that attempted to exploit this vulnerability.
In order to exploit these flaws, the attacker would have to create a specially formed HTML email and send it to the user. Alternatively an attacker would have to host a malicious web site that contained a web page designed to exploit these vulnerabilities. The attacker would then have to persuade a user to visit that site.
As with the previous Internet Explorer cumulative patches released with bulletins MS03-004 and MS03-015, this cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Knowledge Base article 811630, you will still be able to use HTML Help functionality after applying this patch.
Mitigating factors:The following mitigating factors apply to both vulnerabilities discussed in this bulletin:
- By default, Internet Explorer on Windows Server 2003 runs in Enhanced Security Configuration. This default configuration of Internet Explorer blocks these attacks. If Internet Explorer Enhanced Security Configuration has been disabled, the protections put in place that prevent these vulnerabilities from being exploited would be removed.
- In the Web based attack scenario, the attacker would have to host a web site that contained a web page used to exploit these vulnerabilities. An attacker would have no way to force users to visit a malicious web site outside of the HTML email vector. Instead, the attacker would need to lure them there, typically by getting them to click on a link that would take them to the attacker's site.
- Code that executed on the system would only run under the privileges of the logged in user.
Vulnerability identifier:
- Object Tag Vulnerability: CAN-2003-0344
- File Download Dialog Vulnerability: CAN-2003-0309
This email is sent to NTBugtraq automatically as a service to my subscribers. (v1.18)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
FREE 14-DAY TRIAL of New Threat & Vulnerability Notification Service
TruSecure's new IntelliShield(tm) web-based threat and vulnerability
service isn't your typical alert service. Supported by TruSecure's vast
intelligence resources - including the ICSA Labs - IntelliShield's early
warning, analysis, decision support, and threat management tools provide
organizations with unmatched intelligence to better protect critical
information assets. Experience it for yourself - just click below to begin
your FREE, NO OBLIGATION 14-day trial today!
http://www.trusecure.com/offer/s0074/
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Mike Coppins: "manual patching required on Win2k?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
